August 24th, 2017
Ransomware is hitting WordPress – cover your a***.
We follow a number of blogs and security networks and have begun to see a theme emerging – ransomware affecting websites.
Ransomware is not necessarily new, but it has certainly hit the headlines and become more widely known recently. Take, for example, the infamous WannaCry attack on the NHS and other large organisations like Qatar National Bank and BNP Paribas.
But that’s enough about other people’s misery, what about your WordPress site? Surely that’s not under the same threat? Unfortunately, that sort of thinking could land you in some deep doo doo!
Here’s some information we’ve collected together to help you learn more and make sure you’re covering your a*** when it comes to your business…
What is ransomware?
Ransomware is some pretty nasty software that a hacker installs on your computer or server. They typically exploit some sort of vulnerability in your system, a back door, something unprotected or not properly updated.
The software usually sits quietly in the background for a while before automatically activating, although it can also activate immediately. Regardless, that’s when the worst happens.
The software ‘executes’, encrypting all of your files with a strong, almost unbreakable encryption. If you’ve not experienced it, imagine watching your files being locked, one-by-one, in front of your eyes, completely inaccessible.
For any business, this can be detrimental. Imagine an e-commerce website that no longer has access to customer orders or any product data. Or back to the example of the NHS… What happens when you can no longer read patient records for people in your care!?
The hacker then asks for a ransom in exchange for decrypting your files. According to the Symantec Threat Report 2017, ransoms have recently increased 266% to an average of $1,077 per victim, which is no small sum.
Make no mistake, ransomware attacks are a truly criminal business model. Sadly most businesses have no choice but to pay the ransom to get their data back, even though many national security services advise against this.
In terms of paying the ransom, attackers typically choose the online currency Bitcoin, as it gives them an anonymous wallet through which to receive payments.
Ransomware hitting WordPress sites
When we notice a theme emerging, it’s really important to pick up on it. At Illustrate we look after 100+ websites and arguably the most important part of our work is to keep these sites safe on a daily basis.
Recently we’ve been picking up on more and more conversation on sites like Wordfence and Sucuri that ransomware is hitting WordPress – not a good thing at all.
As mentioned in the explanation above, the ransomware would infect your website and encrypt the files, then ask for a ransom in return for providing an unlock code to get your files back.
Once you’ve been exploited, the hacker is in control, and the results look like this:
The current systems being discovered are pretty basic. They encrypt but often don’t have any way to decrypt the data afterwards even when they say they will. It is very likely we will see more of these types of attack coming out that specifically target the web. WordPress is the number one system for managing websites around the world and so it is always a target. Because of this, the amazing and very active community is always releasing security updates and there are many ways to protect yourself.
How to protect yourself and your website
There are a number of key things to make sure you do to keep your website, its data and ultimately your customers safe:
- Keep WordPress updated – don’t let the update process fall behind. Almost every version of WordPress, whether small or large, provides an important security update to help close off vulnerabilities and reduce the likelihood of hacks.
- Install security software – use trusted plugins. We recommend the Sucuri products for WordPress since they’re very proactive with protection, including an active firewall and lots of site scans. There are many more products out there at a lower cost too – it’s your gamble to take.
- Back up everything – all of the time. The more backup points you have, the more of your data you may have saved. Most WordPress hosting providers do this on the server; however, this is a risk when it comes to ransomware, as these attacks can also encrypt your backups. Services like our WordPress Maintenance make sure this isn’t an issue by creating offsite backups stored in a separate location. We take our backups up to once per hour depending on your service level with us, so the data is always fresh, which is important depending on when the hack takes place and how much real-time data you can afford to lose.
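The backup point above can be turned into a check, shown here as an added example that is not part of the original post: before a new snapshot is allowed to replace older backups, confirm that its source files still look like source code rather than ciphertext. The function names, extension list and thresholds are assumptions for illustration, and the sample files are constructed.

```python
import math
import os
import tempfile
from collections import Counter

TEXT_EXT = {".php", ".js", ".css", ".html", ".txt", ".json", ".xml"}
MIN_SIZE = 1024          # entropy is unreliable on tiny files, so skip them
HIGH_ENTROPY = 7.2       # bits/byte: source code sits around 4-6, ciphertext near 8
MAX_SUSPECT_RATIO = 0.2  # assumed policy: hold rotation above this share

def entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def scan_snapshot(root: str) -> dict:
    """Walk a backup snapshot and report text-type files whose bytes look random."""
    checked, suspect = 0, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in TEXT_EXT:
                continue  # images and archives are legitimately high-entropy
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            if len(data) < MIN_SIZE:
                continue
            checked += 1
            if entropy(data) >= HIGH_ENTROPY:
                suspect.append(os.path.relpath(path, root))
    ratio = len(suspect) / checked if checked else 0.0
    # A snapshot with no recognisable source files at all is also held back.
    safe = checked > 0 and ratio <= MAX_SUSPECT_RATIO
    return {"checked": checked, "suspect": sorted(suspect), "safe_to_rotate": safe}

def build_sample(encrypted: bool) -> str:
    """Constructed sample snapshot: three PHP files, plain or filled with random bytes."""
    root = tempfile.mkdtemp(prefix="snapshot-")
    for name in ("index.php", "wp-config.php", "wp-load.php"):
        body = os.urandom(4096) if encrypted else b"<?php echo 'hello world'; ?>\n" * 200
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    for label, flag in (("clean", False), ("encrypted", True)):
        print(label, scan_snapshot(build_sample(flag)))
```

Entropy is a heuristic: ciphertext stored in a text encoding such as base64 scores lower, so pair this with a file-count or checksum comparison against the previous snapshot.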
If you’re interested in learning more about securing your WordPress site, be sure to read our other blog post – Top Tips for WordPress Security.
What to do if you’re affected
If you are affected by this ransomware, DO NOT PAY THE RANSOM. Whaaat? Are we mad? No… It’s extremely unlikely the attacker will actually decrypt your files. If they provide you with a decryption key, you’ll still need an experienced PHP developer to help you fix their broken code in order to use the key and reverse the encryption. We don’t mind doing this (well we do, it’s a pain) but unfortunately it won’t be a cheap process either!
The best thing we can say here is to seek professional advice from a developer or security expert and most definitely contact the local authorities. Ransomware is a serious crime.
The problem is likely to get worse
Like any technology, this could evolve into something much bigger than it is now, making it a much bigger problem.
We can’t stress enough how important it is to make sure you’re covered against these sorts of issues. Those with WooCommerce sites could be particularly vulnerable. If you rely on your website as your sole business income, an attack can have devastating effects.
A very good question to ask in all this is “do you have the relevant insurance to cover this sort of issue?” We’re always up for a chat about how to best protect your WordPress site from malicious attacks, including recommendations for software and insurance to combat the issue head on.
Of course, the best remedy to this sort of evil is always to be as proactive as possible and ensure that your site is well looked after by an experienced professional.
The other consequences of malware
Unfortunately, when it comes to ransomware and other malware, the consequences don’t stop at just losing your data. Here are some other ways it can affect you in a big way:
- A blacklisted website – having a major effect on your search results. If Google detects malware on your site they will almost definitely blacklist you and stop potential visitors from seeing your website. Reversing these effects is a horrible process and, again, if your business relies on website income this isn’t such a nice result.
- The GDPR – how you’re handling your customer data. GDPR stands for the General Data Protection Regulation, which is the new law governing data within the EU that comes into play from 18th May 2018. If you’re found to be losing or mistreating customer data, there can be severe consequences.
- Legal cases – customers taking you to court. This could be potentially the most upsetting of any consequence and one that I hope we can all avoid – but if we’re found to be negligent in looking after our customers’ data, they’re not going to be very happy about it and may come after us as a result.
Well… There’s nothing like a heavy end to a serious blog post, is there!?
Genuinely though, I hope this has been of great value to you in helping cover your a*** when it comes to WordPress security against ransomware.
Again, if you’re interested in learning more about securing your WordPress site in more detail, then be sure to read our other blog post – Top Tips for WordPress Security.